<?php

@$login = $_REQUEST['login'];
@$password = $_REQUEST['password'];
@$code = $_REQUEST['code'];

session_start();

include 'db/code.php';

if(!checkCode($code)){
	$mes = '验证码错误';
	include 'login.php';
	die;
}

include 'db/li.php';

@$user = dbSelect('select id,password from user where login=:login',array('login'=>$login));

if(empty($user)){
	$mes = '帐号错误';
	include 'login.php';
	die;
}
if ($user['password']!=$password){
	$mes="密码错误";
	include 'login.php';
	die;
}
unset($user['password']);
$_SESSION['userId'] = $user['id'];
header('Refresh:0;url=index.php');